CVE-2026-0242

{"id": "CVE-2026-0242", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-0242", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-05-14T00:00:00+00:00"}}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.1, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "psirt@paloaltonetworks.com", "affectedData": [{"vendor": "Palo Alto Networks", "product": "Trust Protection Foundation", "versions": [{"status": "affected", "changes": [{"at": "25.3.3", "status": "unaffected"}], "version": "25.3.0", "lessThan": "25.3.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "25.1.8", "status": "unaffected"}], "version": "25.1.0", "lessThan": "25.1.8", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "24.3.6", "status": "unaffected"}], "version": "24.3.0", "lessThan": "24.3.6", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "24.1.13", "status": "unaffected"}], "version": "24.1.0", "lessThan": "24.1.13", "versionType": "custom"}], "defaultStatus": "unaffected"}]}], "published": "2026-05-13T19:16:58.130", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0242", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."}], "lastModified": "2026-06-17T10:10:35.957", "sourceIdentifier": "psirt@paloaltonetworks.com"}